ioFTPD General New releases, comments, questions regarding the latest version of ioFTPD. |
10-05-2007, 02:41 PM
|
#1
|
Senior Member
ioFTPD Registered User
Join Date: Sep 2003
Posts: 273
|
Question about FXP SSL
Can you ssl fxp from ioftpd 6.2.1 - ioftpd 5.8.5r?
I tried myself recently with no success. Did I do something wrong or do I need v.6 on both?
I know, I have a lot of catching up to do.
|
|
|
10-05-2007, 04:59 PM
|
#2
|
Too much time...
FlashFXP Beta Tester ioFTPD Administrator
Join Date: May 2005
Posts: 1,194
|
Heya odd. ioFTPD 5.x can only SSL in a server role, therefore there is no way for two 5.x servers to FXP over SSL. Since you have a v6 ioFTPD this should work.
If you're using FlashFXP make sure you enable FXP SSL for both sites. I think Flash properly recognizes that one site (the v6 one) supports SSCN to configure client mode so it will do that and let the other default to a server role. Things should just work.
If it doesn't just work, try disconnecting from both sites and reconnect with the sides switched. So if site A was on the left, site B was on the right connect with B on the left this time. This can reverse the client/server roles for the two sites... I think that's what I did way back when I tested v5 talking to v6 and it didn't work at first. I think FlashFXP got smarter since then though.
Last edited by Yil; 10-05-2007 at 07:12 PM.
|
|
|
10-06-2007, 06:33 AM
|
#3
|
Senior Member
ioFTPD Registered User
Join Date: Sep 2003
Posts: 273
|
Thank you for your help but I am still having problems.
This is what I've found out so far.
It only works if I do a transfer from ioftpd v.6.2.1 - ioftpd v.5.8.5r. If I do the opposite way it won't work (ioftpd v.5.8.5r - ioftpd v.6.2.1).
It looks like I need to get SSCN on, and it only works if I do a transfer from v6 to v5 first. When I've done this transfer I can transfer both ways, v5-v6 and v6-v5.
Code:
[13:53:08] TYPE I
[13:53:08] 200 Type set to I.
[13:53:08] SSCN ON
[13:53:08] 200 SSCN:CLIENT METHOD
[13:53:08] PASV
[13:53:08] 227 Entering Passive Mode (000,000,000,001,117,86)
[13:53:08] PORT 000,000,000,001,117,86
[13:53:08] 200 PORT command successful.
[13:53:08] STOR file.r08
[13:53:09] 150 Opening BINARY mode data connection for file.r08.
[13:53:09] RETR file.r08
[13:53:09] 150 Opening BINARY mode data connection for file.r08.
[13:53:10] Transferred: file.r08 14,31 MB in 1,41 second (10 418,5 KB/s)
This is what happens if I do the opposite (v5 to v6) first:
Code:
[13:58:03] TYPE I
[13:58:03] 200 Type set to I.
[13:58:03] TYPE I
[13:58:03] 200 Type set to I.
[13:58:03] CPSV
[13:58:03] 500 'CPSV': Command not understood
[13:58:03] Secure site to site transfers not supported by this ftp server
[13:58:03] Transfer Failed!
[13:58:03] 1 File failed to transfer
[13:58:03] Server Error, Aborted
Any ideas?
Last edited by odd; 10-06-2007 at 07:03 AM.
|
|
|
10-06-2007, 02:25 PM
|
#4
|
Senior Member
ioFTPD Scripter
Join Date: Oct 2002
Posts: 703
|
ioFTPD v5.x can only receive ssl fxp, not send. So when you fxp from ioFTPD v6.x to v5.x it should be encrypted - but when you do it the other way around (and have "Secure Site To Site Transfers" enabled for both) you will get that error message since v5.x cannot initiate the ssl transfer (just receive).
When the fxp works from v5.x to v6.x the data is not encrypted.
/ZR
|
|
|
10-06-2007, 07:04 PM
|
#5
|
Senior Member
ioFTPD Registered User
Join Date: Sep 2003
Posts: 273
|
Quote:
Originally Posted by Zer0Racer
ioFTPD v5.x can only receive ssl fxp, not send. So when you fxp from ioFTPD v6.x to v5.x it should be encrypted - but when you do it the other way around (and have "Secure Site To Site Transfers" enabled for both) you will get that error message since v5.x cannot initiate the ssl transfer (just receive).
When the fxp works from v5.x to v6.x the data is not encrypted.
/ZR
|
So to be clear. I need v6 on both sides to be able to encrypt data transfers both ways and only v6 can fxp to v5 not the opposite way.
I changed the settings in ioftpd.ini on the v6-site so it forces everyone to use SSL3 when transferring data, so it should be impossible to transfer unencrypted data. Here is what happens.
Impossible to fxp from v6 to v5 from now on.
Any ideas? And is it only me that is having problems getting ssl-fxp to work on v6?
Here is the log:
Code:
[01:46:30] TYPE I
[01:46:30] 200 Type set to I.
[01:46:30] TYPE I
[01:46:30] 200 Type set to I.
[01:46:30] SSCN ON
[01:46:30] 200 SSCN:CLIENT METHOD
[01:46:30] PASV
[01:46:30] 227 Entering Passive Mode (000,000,000,000,117,65)
[01:46:30] PORT 000,000,000,000,117,65
[01:46:30] 200 PORT command successful.
[01:46:30] STOR file.r22
[01:46:30] 150 Opening BINARY mode data connection for file.r22.
[01:46:30] RETR file.r22
[01:46:30] 150 Opening BINARY mode data connection for file.r22.
[01:46:30] 426 Connection closed: The specified network name is no longer available.
[01:46:30] ABOR
[01:46:30] 426 Connection closed: Incorrect function.
[01:46:30] 226 ABOR command successful.
[01:46:30] ABOR
[01:46:30] 226 ABOR command successful.
[01:46:31] Transfer Failed!
|
|
|
10-06-2007, 09:38 PM
|
#6
|
Too much time...
FlashFXP Beta Tester ioFTPD Administrator
Join Date: May 2005
Posts: 1,194
|
Actually Zero I think it's possible to have totally encrypted FXP between v5 and v6. The trick is you need to get flash to set the v6 to act as a client (which is what SSCN does for all transfers) or to act in receiver role.
If you do a v6->v5 which is what odd did, Flash figures out only one site supports SSCN so it enables client mode on that site, and from then on everything works great in BOTH directions which is again what appears to be happening. v5->v6 first and Flash didn't do the right thing. It looks like it tried to use CPSV on v5 which is a dumb thing to do since v5 never advertised support for the command in a FEAT response since v5 doesn't support that either. Is this the latest version of Flash? Like I said I think older versions didn't do as well as newer versions.
Also, did you try switching sides? It sounds silly, but because I think Flash interprets the client/server role differently depending on the side you queue the transfer on it really might make a difference.
For the moment just make sure you send a 1k file or something from v6 to v5 first and from then on everything should work fine
|
|
|
10-07-2007, 06:13 AM
|
#7
|
Senior Member
ioFTPD Registered User
Join Date: Sep 2003
Posts: 273
|
Quote:
Originally Posted by Yil
Is this the latest version of Flash? Like I said I think older versions didn't do as well as newer versions.
|
I've tried the latest beta (FlashFXP V 3.5.1(build 1200) [3.6 RC1]) and v3.4.0, I think it was, with no success.
Quote:
Originally Posted by Yil
Also, did you try switching sides? It sounds silly, but because I think Flash interprets the client/server role differently depending on the side you queue the transfer on it really might make a difference.
|
Have tried this also with no success.
Quote:
Originally Posted by Yil
For the moment just make sure you send a 1k file or something from v6 to v5 first and from then on everything should work fine
|
This doesn't work anymore. Since I forced everyone to use encryption when transferring data with the command in ioftpd.ini I haven't been able to fxp anymore. Every time it fails.
When it worked before it had to be unencrypted.
FlashFXP V 3.5.1(build 1200) [3.6 RC1]
IP: 111.111.111.111 is ioFTPD V.6.2.1
IP: 222.222.222.222 is ioFTPD V.5.8.5r
I have, as said before, forced users to use secure data transfers in ioftpd.ini with the following settings:
Require_Encrypted_Auth = !MS *
Require_Encrypted_Data = *
Code:
[12:59:02] [L] TYPE I
[12:59:02] [L] 200 Type set to I.
[12:59:02] [R] TYPE I
[12:59:02] [R] 200 Type set to I.
[12:59:02] [L] SSCN ON
[12:59:02] [L] 200 SSCN:CLIENT METHOD
[12:59:02] [L] PASV
[12:59:02] [L] 227 Entering Passive Mode (111,111,111,111,117,83)
[12:59:02] [R] PORT 111,111,111,111,117,83
[12:59:02] [R] 200 PORT command successful.
[12:59:02] [R] STOR file.r00
[12:59:02] [R] 150 Opening BINARY mode data connection for file.r00.
[12:59:02] [L] RETR file.r00
[12:59:02] [L] 150 Opening BINARY mode data connection for file.r00.
[12:59:02] [L] 426 Connection closed: Incorrect function.
[12:59:02] [L] ABOR
[12:59:02] [R] 426 Connection closed: The specified network name is no longer available.
[12:59:02] [L] 226 ABOR command successful.
[12:59:02] [R] ABOR
[12:59:02] [R] 226 ABOR command successful.
[12:59:02] [R] Transfer Failed!
[12:59:02] [L] TYPE A
[12:59:02] [L] 200 Type set to A.
[12:59:02] [L] PASV
[12:59:02] [L] 227 Entering Passive Mode (111,111,111,111,117,60)
[12:59:02] [L] Opening data connection IP: 111,111,111,111 PORT: 30012
[12:59:02] [L] LIST -al
[12:59:02] [L] Connected. Negotiating SSL session..
[12:59:02] [L] SSL negotiation successful...
[12:59:02] [L] SSL encrypted session using cipher RC4-MD5 (128 bits)
[12:59:02] [L] 150 Opening ASCII mode data connection for directory listing.
[12:59:02] [L] List Complete: 2 KB in 0,24 seconds (10,6 KB/s)
[12:59:02] [R] TYPE A
[12:59:02] [R] 200 Type set to A.
[12:59:02] [R] PASV
[12:59:02] [R] 227 Entering Passive Mode (222,222,222,222,5,157)
[12:59:02] [R] Opening data connection IP: 222,222,222,222 PORT: 1437
[12:59:02] [R] LIST -al
[12:59:02] [R] Connected. Negotiating SSL session..
[12:59:02] [R] 150 Opening ASCII mode data connection for directory listing.
[12:59:02] [R] SSL negotiation successful...
[12:59:02] [R] SSL encrypted session using cipher RC4-MD5 (128 bits)
[12:59:03] [R] List Complete: 2 KB in 0,33 seconds (7,0 KB/s)
[12:59:03] Transfer queue completed
[12:59:03] 1 File failed to transfer
|
|
|
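Added example, not posted by anyone in the thread: a small Python check that reads FXP client logs of the kind pasted above and reports, per transfer attempt, whether a TLS role command (SSCN ON or CPSV) was accepted, rejected, or never sent, so completed transfers with no negotiated role can be flagged for review. The sample log is constructed and abridged from the logs in this thread; treating any 2xx reply to CPSV as acceptance is an assumption, since the thread only shows it being rejected, and the logs do not show PROT, so this checks role negotiation only.

```python
import re

# "[hh:mm:ss] [L|R] text"; the side marker is optional, as in the thread's logs.
LINE = re.compile(r"^\[\d\d:\d\d:\d\d\]\s+(?:\[([LR])\]\s+)?(.+)$")
ROLE_CMDS = {"SSCN ON": "SSCN", "CPSV": "CPSV"}

SAMPLE = """\
[13:53:08] SSCN ON
[13:53:08] 200 SSCN:CLIENT METHOD
[13:53:09] STOR file.r08
[13:53:09] 150 Opening BINARY mode data connection for file.r08.
[13:53:10] Transferred: file.r08 14,31 MB in 1,41 second (10 418,5 KB/s)
[13:58:03] CPSV
[13:58:03] 500 'CPSV': Command not understood
[13:58:03] Transfer Failed!
[12:59:02] [L] SSCN ON
[12:59:02] [L] 200 SSCN:CLIENT METHOD
[12:59:02] [L] RETR file.r00
[12:59:02] [L] 426 Connection closed: Incorrect function.
[12:59:02] [R] Transfer Failed!
"""  # constructed sample, abridged from the thread's logs

def classify_fxp(log_text):
    """One dict per FXP attempt: accepted/rejected TLS role command, errors, result."""
    attempts, cur, last_cmd = [], None, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        side, msg = m.groups()
        cur = cur or {"role": None, "rejected": [], "errors": []}
        if msg.startswith("Transferred:") or msg.endswith("Transfer Failed!"):
            cur["result"] = "ok" if msg.startswith("Transferred:") else "failed"
            attempts.append(cur)
            cur, last_cmd = None, {}
        elif re.match(r"\d{3}[ -]", msg):           # server reply
            cmd = ROLE_CMDS.get(last_cmd.pop(side, None))
            if cmd and msg[0] == "2":
                cur["role"] = cmd                   # server accepted the role command
            elif cmd:
                cur["rejected"].append(cmd)         # e.g. 500 'CPSV': Command not understood
            elif msg[0] in "45":
                cur["errors"].append(msg)
        else:                                       # client command or client status text
            last_cmd[side] = msg
    return attempts

def needs_review(attempt):
    """True when a transfer completed without any accepted SSCN/CPSV role command."""
    return attempt["result"] == "ok" and attempt["role"] is None
```
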